Misplaced Pages

Local Security Authority Subsystem Service

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

In computing, a process is the instance of a computer program that is being executed by one or many threads. There are many different process models, some of which are light weight, but almost all processes (even entire virtual machines) are rooted in an operating system (OS) process which comprises the program code, assigned system resources, physical and logical access permissions, and data structures to initiate, control and coordinate execution activity. Depending on the OS, a process may be made up of multiple threads of execution that execute instructions concurrently.

Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log. Forcible termination of lsass.exe will result in

A shell pipeline, the output of the first process needs to pass to the second one, and so on. Another example is a task that has been decomposed into cooperating but partially independent processes which can run simultaneously (i.e., using concurrency, or true parallelism – the latter model is a particular case of concurrent execution and is feasible whenever multiple CPU cores are available for

A virtual memory system, where regions of a process's memory may be really on disk and not in main memory at any time. Even portions of active processes/tasks (executing programs) are eligible for swapping to disk, if the portions have not been used recently. Not all parts of an executing program and its data have to be in physical memory for the associated process to be active. An operating system kernel that allows multitasking needs processes to have certain states. Names for these states are not standardised, but they have similar functionality. When processes need to communicate with each other they must share parts of their address spaces or use other forms of inter-process communication (IPC). For instance in

A computer program is a passive collection of instructions typically stored in a file on disk, a process is the execution of those instructions after being loaded from the disk into memory. Several processes may be associated with the same program; for example, opening up several instances of the same program often results in more than one process being executed. Multitasking is a method to allow multiple processes to share processors (CPUs) and other system resources. Each CPU (core) executes

A process is one of the properties that the kernel stores in the process's PCB. The role of the PCBs is central in process management: they are accessed and/or modified by most utilities, particularly those involved with scheduling and resource management. In multitasking operating systems, the PCB stores data needed for correct and efficient process management. Though the details of these structures are system-dependent, common elements fall in three main categories: Status tables exist for each relevant entity, like describing memory, I/O devices, files and processes. Memory tables, for example, contain information about

A process when it is suspended, allowing the OS to restart it later. This always includes the content of general-purpose CPU registers, the CPU process status word, stack and frame pointers, etc. During context switch, the running process is stopped and another process runs. The kernel must stop the execution of the running process, copy out the values in hardware registers to its PCB, and update

A single process at a time. However, multitasking allows each processor to switch between tasks that are being executed without having to wait for each task to finish (preemption). Depending on the operating system implementation, switches could be performed when tasks initiate and wait for completion of input/output operations, when a task voluntarily yields the CPU, on hardware interrupts, and when

A time: it is impossible to run more programs at the same time. A program might need some resource, such as an input device, which has a large delay, or a program might start some slow operation, such as sending output to a printer. This would lead to processor being "idle" (unused). To keep the processor busy at all times, the execution of such a program is halted and the operating system switches

Is "something that takes up time", as opposed to "memory", which is "something that takes up space". The above description applies to both processes managed by an operating system, and processes as defined by process calculi. If a process requests something for which it must wait, it will be blocked. When the process is in the blocked state, it is eligible for swapping to disk, but this is transparent in

Is called concurrency. For security and reliability, most modern operating systems prevent direct communication between independent processes, providing strictly mediated and controlled inter-process communication. In general, a computer system process consists of (or is said to own) the following resources: The operating system holds most of this information about active processes in data structures called process control blocks. Any subset of

Is most likely a virus, spyware, trojan or worm. Due to the way some systems display fonts, malicious developers may name the file something like Isass.exe (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file. The Sasser worm spreads by exploiting a buffer overflow in the LSASS on Windows XP and Windows 2000 operating systems. Process (computing) While

Is said to own resources, of which an image of its program (in memory) is one such resource. However, in multiprocessing systems many processes may run off of, or share, the same reentrant program at the same location in memory, but each process is said to own its own image of the program. Processes are often called "tasks" in embedded operating systems. The sense of "process" (or task)

The advent of concepts such as time-sharing, computer networks, and multiple-CPU shared memory computers, the old "multiprogramming" gave way to true multitasking, multiprocessing and, later, multithreading. Process control block A process control block (PCB), also sometimes called a process descriptor, is a data structure used by a computer operating system to store all

The allocation of main and secondary (virtual) memory for each process, authorization attributes for accessing memory areas shared among different processes, etc. I/O tables may have entries stating the availability of a device or its assignment to a process, the status of I/O operations, the location of memory buffers used for them, etc. Process identification data include a unique identifier for

The appearance of many processes executing simultaneously (that is, in parallel), though in fact only one process can be executing at any one time on a single CPU (unless the CPU has multiple cores, then multithreading or other similar technologies can be used). It is usual to associate a single process with a main program, and child processes with any spin-off, parallel processes, which behave like asynchronous subroutines. A process

The information about a process. When a process is created (initialized or installed), the operating system creates a corresponding process control block, which specifies and tracks the process state (i.e. new, ready, running, waiting or terminated). Since it is used to track process information, the PCB plays a key role in context switching. An operating system kernel stores PCBs in a process table. The current working directory of

The operating system scheduler decides that a process has expired its fair share of CPU time (e.g., by the Completely Fair Scheduler of the Linux kernel). A common form of multitasking is provided by CPU's time-sharing that is a method for interleaving the execution of users' processes and threads, and even of independent kernel tasks – although the latter feature is feasible only in preemptive kernels such as Linux. Preemption has an important side effect for interactive processes that are given higher priority with respect to CPU bound processes, therefore users are immediately assigned computing resources at

The process (almost invariably an integer) and, in a multiuser-multitasking system, data such as the identifier of the parent process, user identifier, user group identifier, etc. The process id is particularly relevant since it is often used to cross-reference the tables defined above, e.g. showing which process is using which I/O devices, or memory areas. Process state data define the status of

The processes that are ready to run). It is even possible for two or more processes to be running on different machines that may run different operating system (OS), therefore some mechanisms for communication and synchronization (called communications protocols for distributed computing) are needed (e.g., the Message Passing Interface {MPI}). By the early 1960s, computer control software had evolved from monitor control software, for example IBSYS, to executive control software. Over time, computers got faster while computer time

The processor to run another program. To the user, it will appear that the programs run at the same time (hence the term "parallel"). Shortly thereafter, the notion of a "program" was expanded to the notion of an "executing program and its context". The concept of a process was born, which also became necessary with the invention of re-entrant code. Threads came somewhat later. However, with

The resources, typically at least the processor state, may be associated with each of the process' threads in operating systems that support threads or child processes. The operating system keeps its processes separate and allocates the resources they need, so that they are less likely to interfere with each other and cause system failures (e.g., deadlock or thrashing). The operating system may also provide mechanisms for inter-process communication to enable processes to interact in safe and predictable ways. A multitasking operating system may just switch between processes to give

The simple pressing of a key or when moving a mouse. Furthermore, applications like video and music reproduction are given some kind of real-time priority, preempting any other lower priority process. In time-sharing systems, context switches are performed rapidly, which makes it seem like multiple processes are being executed simultaneously on the same processor. This seemingly-simultaneous execution of multiple processes

The system losing access to any account, including NT AUTHORITY, prompting a restart of the machine. Because lsass.exe is a crucial system file, its name is often faked by malware. The lsass.exe file used by Windows is located in the directory %WINDIR%\System32, and the description of the file is Local Security Authority Process. If it is running from any other location, that lsass.exe

Was still neither cheap nor fully utilized; such an environment made multiprogramming possible and necessary. Multiprogramming means that several programs run concurrently. At first, more than one program ran on a single processor, as a result of underlying uniprocessor computer architecture, and they shared scarce and limited hardware resources; consequently, the concurrency was of a serial nature. On later systems with multiple processors, multiple programs may run concurrently in parallel. Programs consist of sequences of instructions for processors. A single processor can run only one instruction at
